4 matches found
Sql injection
An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request...
CVE-2018-9925
An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request...
idreamsoft iCMS Cross-Site Request Forgery Vulnerability
idreamsoft iCMS is an open source content management system CMS based on PHP and MySQL. A cross-site request forgery vulnerability exists in the admincp.php file in idreamsoft iCMS 7.0.7 and earlier versions. A remote attacker can exploit this vulnerability by sending an...
idreamsoft iCMS SQL Injection Vulnerability
idreamsoft iCMS is an open source content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in idreamsoft iCMS 7.0.7 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the 'pid' array parameter in the...